I don’t know for the authconfig-gtk package because it requires a graphical interface but, concerning the two others, you will be able to install them during the exam. Also, you have to keep in mind that setting up a repository (local or remote) can be part of the exam.

1 year 12 days ago

Member

brthomasusa

You wrote “… As the authconfig-tui command is deprecated …”. authconfig-tui is available in RHEL/CentOS 7.1 and 7.2. On what version of RHEL is authconfig-tui deprecated. I was counting on it being available.

The authconfig-tui command is definitively deprecated. But this doesn’t mean you can’t use it with RHEL 7 anymore. The command is still there and you can use it.
However, all the new features (appearing in RHEL 7 included) will not be backported and this command will disappear with RHEL 8. Why would you learn a command about to disappear? I can only see an explanation: because it’s easier. I think it’s certainly possible to find a way to memorize the necessary arguments to use with the authconfig command.

11 months 8 days ago

Member

brthomasusa

Thanks for the explanation. You are right, it is easier to remember. In preparing for the exam, I’m trying to reduce the amount of facts that must be remembered. Once I am working in the field, I won’t have to memorize everything.

I will try to find a way to sum up all the LDAP client side configuration.
For the time being, I’m sticking with what is working.
I’m still open to any shortcut.

11 months 7 days ago

Member

bhill1278

In chapter 6 of Sander’s book he uses authconfig-tui. After configuring an ipa server exactly like in appendix D of the book, I followed the steps to the letter in appendix D and the exercise in chapter 6, but no go. I could’nt authenticate with an ldap user, I kept getting user does not exist. I am running 7.2. I’m not sure that authconfig-tui is writing the correct settings to nslcd.conf. However the authconfig method works perfect, just more to remember. So much for an easier method. Has anyone else had any luck with the tui method post RHEL 7.0?… Read more »

11 months 1 day ago

Member

bajeradai

I’m having same problem in Rhel 7 and also I tried above steps with both methods but still not able to set. Everything works except this command:# scp root@instructor.example.com:/etc/openldap/certs/cert.pem /etc/openldap/cacerts/cert.pem.
I get the message instructor.example.com is not resolved.
If anybody have ideas please share with me.
Thanks.

You need to edit your local /etc/hosts file to add a line with the IP address and Full Qualified Domain Name of the LDAP server:192.168.x.y instructor.example.comThe other option is to configure a DNS server.

11 months 1 day ago

Member

bizzle

Figured I’d add this because I’ve had significant complications with this as I follow along in van Vugt’s book. The server I have is configured according to Appendix D in his book and the following works for me,

There are differences in which files are written into and which daemons are started but I’m not able at this time to describe all of them: it’s a difficult work to do because it depends on the version of RHEL 7 (7.0, 7.1, 7.2) and the level of patches applied for each of the packages involved (pam, sssd, etc). This is the reason why Sander van Vugt advises to install the package group called Directory Client and to keep the same minor version when preparing the exam without any patch.

7 months 6 days ago

Member

quaie

what about the lines below ? it worked for me with the additional settings added to /etc/sssd/sssd.conf (there is no tls for this free online ldap server, but that would be quite trivial to configure on the client)

Interesting. I could not get the sssd method to work, but the nslcd method worked first try no issues. Other than a package difference on install and the: # authconfig –enableforcelegacy –update command, they are pretty much the same. The sssd option kept giving me the user not found error. So a few questions: 1) Should I be concerned, or just use the nslcd method if asked to do so on the exam? 2) While not listed, I tried to reapply the seLinux context to the downloaded cert.pem file on the client. It was the same before and after anyway.… Read more »

6 months 3 days ago

Member

scryptkiddy

Did I ask a stupid question that was already answered, or did I stump everyone. =)

5 months 23 days ago

Member

alejflor

When you talk about “the LDAP server certificate”, do you mean a CA ldap certificate? I am having problems with the cert when I start SSSD. Should I: 1)generate a CA cert from the server 2) generate a normal cert for the ldap server 3)Sign the ldap cert with the CA 4)transfer the new signed cert to the client? I am working with RHEL 7.

Do what in the tutorial: create a self-signed certificate. There is no need of a CA cert here.

4 months 4 days ago

Member

reaz_mahmood

Following the sander’s video tutorial, I have been practising ldap client configuration using authconfig-gtk. But as you replied in another comment that since its a graphical interface, it may not be available in the exam. I am curious to know is there any restriction on using graphical environment on the rhcsa exam?

As I’m sure the Command Line Interface will be available during the exam ;), I advise to use it. However, the graphical environment is perhaps available but I can’t give you any additional information on this point.

Independently of whether a GUI is available on the exam or not, you can always install it yourself if you believe it’s reasonable. There are no restrictions in terms of using a GUI. If it’s pre-installed – use it, if it’s not installed, then install and use it.

3 months 5 hours ago

Member

reaz_mahmood

So as far as exam is concerned, we will be given the ldap server name and url of the ca certificate as provided info, rest of the settings we have to figure out. Am I correct?